From fe88f02971ffe5dd093941032a630fa70445b794 Mon Sep 17 00:00:00 2001 From: Jeremy Henty Date: Thu, 31 Mar 2011 19:02:37 +0100 Subject: html.cc: Html_tag_open_meta(): check that the URL exists before redirecting. --- src/html.cc | 67 ++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 35 insertions(+), 32 deletions(-) (limited to 'src/html.cc') diff --git a/src/html.cc b/src/html.cc index 3e44e26e..254ca04d 100644 --- a/src/html.cc +++ b/src/html.cc @@ -2866,41 +2866,44 @@ static void Html_tag_open_meta(DilloHtml *html, const char *tag, int tagsize) } /* Skip to anything after "URL=" */ while (*content && *(content++) != '=') ; - /* Handle the case of a quoted URL */ - if (*content == '"' || *content == '\'') { - if ((p = strchr(content + 1, *content))) - mr_url = dStrndup(content + 1, p - content - 1); - else - mr_url = dStrdup(content + 1); - } else { - mr_url = dStrdup(content); - } + if (*content) { - if (delay == 0) { - /* zero-delay redirection */ - html->stop_parser = true; - DilloUrl *new_url = a_Url_new(mr_url, URL_STR(html->base_url)); - if (a_Capi_dpi_verify_request(html->bw, new_url)) - a_UIcmd_redirection0((void*)html->bw, new_url); - a_Url_free(new_url); - } else { - /* Send a custom HTML message. - * TODO: This is a hairy hack, - * It'd be much better to build a widget. */ - Dstr *ds_msg = dStr_sized_new(256); - dStr_sprintf(ds_msg, meta_template, mr_url, delay_str); - { - int o_InFlags = html->InFlags; - int o_TagSoup = html->TagSoup; - html->InFlags = IN_BODY; - html->TagSoup = false; - Html_write_raw(html, ds_msg->str, ds_msg->len, 0); - html->TagSoup = o_TagSoup; - html->InFlags = o_InFlags; + /* Handle the case of a quoted URL */ + if (*content == '"' || *content == '\'') { + if ((p = strchr(content + 1, *content))) + mr_url = dStrndup(content + 1, p - content - 1); + else + mr_url = dStrdup(content + 1); + } else { + mr_url = dStrdup(content); + } + + if (delay == 0) { + /* zero-delay redirection */ + html->stop_parser = true; + DilloUrl *new_url = a_Url_new(mr_url, URL_STR(html->base_url)); + if (a_Capi_dpi_verify_request(html->bw, new_url)) + a_UIcmd_redirection0((void*)html->bw, new_url); + a_Url_free(new_url); + } else { + /* Send a custom HTML message. + * TODO: This is a hairy hack, + * It'd be much better to build a widget. */ + Dstr *ds_msg = dStr_sized_new(256); + dStr_sprintf(ds_msg, meta_template, mr_url, delay_str); + { + int o_InFlags = html->InFlags; + int o_TagSoup = html->TagSoup; + html->InFlags = IN_BODY; + html->TagSoup = false; + Html_write_raw(html, ds_msg->str, ds_msg->len, 0); + html->TagSoup = o_TagSoup; + html->InFlags = o_InFlags; + } + dStr_free(ds_msg, 1); } - dStr_free(ds_msg, 1); + dFree(mr_url); } - dFree(mr_url); } else if (!dStrcasecmp(equiv, "content-type") && (content = a_Html_get_attr(html, tag, tagsize, "content"))) { -- cgit v1.2.3 From da2887c4a786ffdb97ce89fa257ef9818b53285c Mon Sep 17 00:00:00 2001 From: Johannes Hofmann Date: Sun, 3 Apr 2011 21:25:53 +0200 Subject: flush the Textblock we last added to In Html_write_raw() the current textblock can change while parsing HTML. Instead of flushing the Textblock we started with, we now flush the current one. This fixes a long standing drawing bug where text was not positioned initially. --- src/html.cc | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'src/html.cc') diff --git a/src/html.cc b/src/html.cc index 254ca04d..c5acfa4a 100644 --- a/src/html.cc +++ b/src/html.cc @@ -3718,11 +3718,8 @@ static void Html_callback(int Op, CacheClient_t *Client) static int Html_write_raw(DilloHtml *html, char *buf, int bufsize, int Eof) { char ch = 0, *p, *text; - Textblock *textblock; int token_start, buf_index; - dReturn_val_if_fail ((textblock = HT2TB(html)) != NULL, 0); - /* Now, 'buf' and 'bufsize' define a buffer aligned to start at a token * boundary. Iterate through tokens until end of buffer is reached. */ buf_index = 0; @@ -3841,7 +3838,7 @@ static int Html_write_raw(DilloHtml *html, char *buf, int bufsize, int Eof) } }/*while*/ - textblock->flush (); + HT2TB(html)->flush (); return token_start; } -- cgit v1.2.3 From 9572807453da1e92657df7b88eb8a5e0f578d21c Mon Sep 17 00:00:00 2001 From: corvid Date: Mon, 4 Apr 2011 17:56:15 +0000 Subject: clearer MSG for suspicious image size I saw a MSG with size 0x[something], and of course I thought it was complaining that a size was given in hex notation. --- dw/fltkimgbuf.cc | 2 +- src/gif.c | 2 +- src/html.cc | 2 +- src/jpeg.c | 2 +- src/png.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src/html.cc') diff --git a/dw/fltkimgbuf.cc b/dw/fltkimgbuf.cc index 6ba7ff1d..e3be41a9 100644 --- a/dw/fltkimgbuf.cc +++ b/dw/fltkimgbuf.cc @@ -193,7 +193,7 @@ core::Imgbuf* FltkImgbuf::getScaledBuf (int width, int height) */ if (width <= 0 || height <= 0 || width > IMAGE_MAX_AREA / height) { - MSG("FltkImgbuf::getScaledBuf: suspicious image size request %dx%d\n", + MSG("FltkImgbuf::getScaledBuf: suspicious image size request %d x %d\n", width, height); ref (); return this; diff --git a/src/gif.c b/src/gif.c index 50c68960..b5486c46 100644 --- a/src/gif.c +++ b/src/gif.c @@ -804,7 +804,7 @@ static size_t Gif_do_img_desc(DilloGif *gif, void *Buf, /* check max image size */ if (gif->Width <= 0 || gif->Height <= 0 || gif->Width > IMAGE_MAX_AREA / gif->Height) { - MSG("Gif_do_img_desc: suspicious image size request %ux%u\n", + MSG("Gif_do_img_desc: suspicious image size request %u x %u\n", gif->Width, gif->Height); gif->state = 999; return 0; diff --git a/src/html.cc b/src/html.cc index c5acfa4a..8291aad9 100644 --- a/src/html.cc +++ b/src/html.cc @@ -2044,7 +2044,7 @@ DilloImage *a_Html_image_new(DilloHtml *html, const char *tag, dFree(width_ptr); dFree(height_ptr); width_ptr = height_ptr = NULL; - MSG("a_Html_image_new: suspicious image size request %dx%d\n", w, h); + MSG("a_Html_image_new: suspicious image size request %d x %d\n", w, h); } else { if (CSS_LENGTH_TYPE(l_w) != CSS_LENGTH_TYPE_AUTO) html->styleEngine->setNonCssHint (CSS_PROPERTY_WIDTH, diff --git a/src/jpeg.c b/src/jpeg.c index a6af3a2b..93d9df07 100644 --- a/src/jpeg.c +++ b/src/jpeg.c @@ -291,7 +291,7 @@ static void Jpeg_write(DilloJpeg *jpeg, void *Buf, uint_t BufSize) if (jpeg->cinfo.image_width <= 0 || jpeg->cinfo.image_height <= 0 || jpeg->cinfo.image_width > IMAGE_MAX_AREA / jpeg->cinfo.image_height) { - MSG("Jpeg_write: suspicious image size request %ux%u\n", + MSG("Jpeg_write: suspicious image size request %u x %u\n", (uint_t)jpeg->cinfo.image_width, (uint_t)jpeg->cinfo.image_height); jpeg->state = DILLO_JPEG_ERROR; diff --git a/src/png.c b/src/png.c index b82046b9..bf9de2ef 100644 --- a/src/png.c +++ b/src/png.c @@ -137,7 +137,7 @@ Png_datainfo_callback(png_structp png_ptr, png_infop info_ptr) /* check max image size */ if (png->width == 0 || png->height == 0 || png->width > IMAGE_MAX_AREA / png->height) { - MSG("Png_datainfo_callback: suspicious image size request %lux%lu\n", + MSG("Png_datainfo_callback: suspicious image size request %lu x %lu\n", (ulong_t) png->width, (ulong_t) png->height); Png_error_handling(png_ptr, "Aborting..."); return; /* not reached */ -- cgit v1.2.3